name: PR Preview

on:
  push:
    branches:
      - "develop"
  pull_request:
    types: [opened, synchronize, reopened]

# Avoid duplicate workflows on same branch
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  upload-whl:
    runs-on: ubuntu-latest

    permissions:
      contents: read # This is required for actions/checkout
      statuses: write # This is required for "Set S3 URL as Github status" step

    defaults:
      run:
        shell: bash --login -eo pipefail {0}

    outputs:
      enable-setup: ${{ steps.exports.outputs.enable-setup }}
      preview-branch: ${{ steps.exports.outputs.preview-branch }}
      s3-url: ${{ steps.exports.outputs.s3-url }}

    steps:
      - name: Checkout Streamlit code
        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: "recursive"
          fetch-depth: 2
      - name: Set Python version vars
        uses: ./.github/actions/build_info
      - name: Set up Python ${{ env.PYTHON_MAX_VERSION }}
        uses: actions/setup-python@v5
        with:
          python-version: "${{ env.PYTHON_MAX_VERSION }}"
      - name: Setup virtual env
        uses: ./.github/actions/make_init
      - name: Create Wheel File
        timeout-minutes: 120
        run: |
          sudo apt install rsync
          BUILD_AS_FAST_AS_POSSIBLE=1 make package
      - name: Store Whl File
        uses: actions/upload-artifact@v3
        with:
          name: whl_file
          path: lib/dist/*.whl
      # Uses action to safely process user input (branch name) to prevent script injection attacks
      - name: Set Environment Variables
        uses: ./.github/actions/preview_branch
        with:
          pull_request_number: ${{ github.event.pull_request.number }}
          ref_type: ${{ github.ref_type }}
          branch: ${{ github.ref_name }}
      - if: ${{ env.AWS_ACCESS_KEY_ID != '' }}
        name: Upload wheel to S3
        id: exports
        env:
          BRANCH: ${{ env.BRANCH }}
          PREVIEW_BRANCH: ${{ env.PREVIEW_BRANCH }}
          AWS_DEFAULT_REGION: us-west-2
          AWS_ACCESS_KEY_ID: ${{ secrets.CORE_PREVIEWS_S3_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.CORE_PREVIEWS_S3_SECRET_KEY }}
        # To create a consistent location for the release/demo whl file, we need a
        # stagnent version number (streamlit-11.11.11)
        run: |
          sudo apt install -y awscli

          cd lib/dist
          export WHEELFILE="$(ls -t *.whl | head -n 1)"

          if [ "${BRANCH}" = "release/demo" ]
          then
            aws s3 cp "${WHEELFILE}" s3://core-previews/${PREVIEW_BRANCH}/streamlit-11.11.11-py2.py3-none-any.whl --acl public-read
            S3_URL="https://core-previews.s3-us-west-2.amazonaws.com/${PREVIEW_BRANCH}/streamlit-11.11.11-py2.py3-none-any.whl"
          else
            aws s3 cp "${WHEELFILE}" s3://core-previews/${PREVIEW_BRANCH}/ --acl public-read
            S3_URL="https://core-previews.s3-us-west-2.amazonaws.com/${PREVIEW_BRANCH}/${WHEELFILE}"
          fi
          echo -e "Wheel file download link: ${S3_URL}"

          cd ../..
          # env variables don't carry over between gh action jobs
          echo "enable-setup=${{ env.AWS_ACCESS_KEY_ID != '' }}" >> $GITHUB_OUTPUT
          echo "preview-branch=$PREVIEW_BRANCH" >> $GITHUB_OUTPUT
          echo "s3-url=${S3_URL}" >> $GITHUB_OUTPUT
      - if: steps.exports.outputs.enable-setup == 'true' && success() && github.repository == 'streamlit/streamlit' && github.event_name == 'pull_request' && github.event.sender.type == 'User'
        name: Set S3 URL as Github Status
        uses: actions/github-script@v7
        env:
          S3_URL: ${{ steps.exports.outputs.s3-url }}
        with:
          script: |
            const { sha } = context.payload.pull_request.head
            // For API documentation, see:
            // https://docs.github.com/en/rest/commits/statuses?apiVersion=2022-11-28#create-a-commit-status
            await github.request(`POST /repos/streamlit/streamlit/statuses/{sha}`, {
              owner: 'streamlit',
              repo: 'streamlit',
              sha,
              state: 'success',
              target_url: process.env.S3_URL,
              context: 'Wheel ready!'
            })

  setup-preview:
    runs-on: ubuntu-latest

    needs: upload-whl
    if: needs.upload-whl.outputs.enable-setup == 'true'

    defaults:
      run:
        shell: bash --login -eo pipefail {0}

    steps:
      - name: Checkout Core Previews Repo
        uses: actions/checkout@v4
        with:
          repository: streamlit/core-previews
          # The default GITHUB_TOKEN is scoped only to the triggering streamlit/streamlit repo.
          # Accessing streamlit/core-previews repo requires a separate auth token.
          token: ${{ secrets.CORE_PREVIEWS_REPO_TOKEN }}
          # Save the access token to the local git config, so
          # later git commands can work.
          persist-credentials: true
      - name: Setup preview repo
        env:
          PREVIEW_BRANCH: ${{ needs.upload-whl.outputs.preview-branch }}
          S3_URL: ${{ needs.upload-whl.outputs.s3-url }}
        run: |
          git config --global user.email "core+streamlitbot-github@streamlit.io"
          git config --global user.name "Streamlit Bot"
          git branch -D "$PREVIEW_BRANCH" &>/dev/null || true
          git checkout -b "$PREVIEW_BRANCH"

          echo "$S3_URL" >> requirements.txt

          git add .
          git commit -m "Prepare core preview: ${PREVIEW_BRANCH}"
          git push -f origin ${PREVIEW_BRANCH}
      - name: Ready to deploy!
        env:
          PREVIEW_BRANCH: ${{ needs.upload-whl.outputs.preview-branch }}
        run: |
          echo -e "https://share.streamlit.io/deploy?repository=streamlit/core-previews&branch=${PREVIEW_BRANCH}&mainModule=E2E_Tester_🧪.py"
